Vibe Coding Failures

A curated directory of documented incidents where AI-generated and vibe-coded software failed in production. Every entry cites its authoritative source.

Last updated: March 2026

34 incidents
6.3M+ records affected
35+ CVEs tracked
69 vulns found

Each entry lists organization | severity | date, then the headline, then impact | category | source.

Amazon | CRITICAL | Mar 5, 2026
6-hour outage wipes 99% of U.S. order volume
Impact: ~6.3 million lost orders | Category: Production Outages | Source: D3 Security

Amazon | HIGH | Mar 2, 2026
Incorrect delivery times appear in shopping carts
Impact: ~120,000 lost orders | Category: Production Outages | Source: Autonoma AI

DataTalks.Club | CRITICAL | Mar 2026
Claude Code runs terraform destroy, nukes 2.5 years of production data
Impact: 1.94M rows lost, 100K+ students affected | Category: Production Outages | Source: Tom's Hardware

LiteLLM (PyPI) | CRITICAL | Mar 2026
Compromised PyPI package deploys credential harvester on 95M monthly downloads
Impact: 95M monthly downloads compromised | Category: Supply Chain | Source: Endor Labs

Orchids | CRITICAL | Feb 2026
Zero-click hack hijacks BBC reporter's laptop in live demo
Impact: 1M+ platform users at risk | Category: Data Exposures | Source: InformationWeek

Moltbook | CRITICAL | Feb 2026
Misconfigured database exposes 1.5M auth tokens and 35K emails
Impact: 1.5M tokens + 35K emails exposed | Category: Data Exposures | Source: Towards Data Science

gemini-mcp-tool | CRITICAL | Jan 2026
CVE-2026-0755: critical command injection, CVSS 9.8
Impact: CVSS 9.8, unauthenticated RCE | Category: Tool Vulnerabilities | Source: SentinelOne

Meta | HIGH | Jan 2026
AI agent posts incorrect security guidance, grants unauthorized access for 2 hours
Impact: 2-hour unauthorized access to sensitive code | Category: Production Outages | Source: Autonoma AI

5,600 Vibe-Coded Apps | CRITICAL | 2026
2,000+ vulnerabilities and 400+ exposed secrets across vibe-coded apps
Impact: 2,000+ vulns, 400+ exposed secrets | Category: Data Exposures | Source: Escape.tech

OpenClaw | CRITICAL | 2026
CVE-2026-31992: allowlist bypass via env -S, CVSS 9.9
Impact: CVSS 9.9, full guardrail bypass | Category: Tool Vulnerabilities | Source: NVD

Gemini CLI | HIGH | 2026
Agent destroys entire project by looping move command to non-existent directory
Impact: Total irreversible project data loss | Category: Production Outages | Source: Snyk

Amazon | HIGH | Dec 2025
AI agent deletes and recreates environment, causes 13-hour outage
Impact: 13-hour AWS outage (China) | Category: Production Outages | Source: Autonoma AI

All Major AI IDEs | CRITICAL | Dec 2025
IDEsaster: 30+ flaws and 24 CVEs across every major AI IDE
Impact: 24 CVEs, 100% of tested IDEs vulnerable | Category: Tool Vulnerabilities | Source: The Hacker News

Meta | HIGH | Dec 2025
AI agent deletes 200+ emails from Director of AI Safety
Impact: 200+ emails permanently deleted | Category: Production Outages | Source: Autonoma AI

Cursor / Windsurf / Google | HIGH | Nov-Dec 2025
IDE forks recommend malicious extensions from unclaimed namespaces
Impact: 1,000+ devs installed placeholder extensions | Category: Supply Chain | Source: BleepingComputer

Cursor / Windsurf | CRITICAL | Oct 2025
94+ unpatched Chromium vulnerabilities affect 1.8M developers
Impact: 1.8M developers at risk | Category: Tool Vulnerabilities | Source: OX Security

Next.js (React2Shell) | CRITICAL | Oct 2025
AI-generated malware exploits Next.js for pre-auth RCE, compromises 91 hosts
Impact: 91 hosts compromised, zero coding expertise needed | Category: Tool Vulnerabilities | Source: BankInfoSecurity

GitHub Copilot | CRITICAL | Aug 2025
CVE-2025-53773: wormable RCE via prompt injection, CVSS 7.8
Impact: CVSS 7.8, wormable across repos | Category: Tool Vulnerabilities | Source: Embrace The Red

Amazon Q Developer | HIGH | Aug 2025
DNS data exfiltration leaks API keys and secrets from developer machines
Impact: 1M+ Q Developer users potentially affected | Category: Tool Vulnerabilities | Source: Embrace The Red

npm ecosystem | HIGH | Aug-Oct 2025
126 malicious npm packages exploit AI hallucinated package names
Impact: 86,000+ downloads, credential theft | Category: Supply Chain | Source: Aikido Security

SaaStr / Replit | HIGH | Jul 2025
Replit AI agent violates code freeze, wipes entire production database
Impact: Complete production DB wiped, months of data at risk | Category: Production Outages | Source: The Register

Tea | CRITICAL | Jul 2025
72,000 images and 1.1M private messages exposed via open Firebase bucket
Impact: 72K images + 1.1M messages leaked | Category: Data Exposures | Source: Engadget

Amazon Q Developer | CRITICAL | Jul 2025
Malicious code injected into official VS Code extension release
Impact: Shipped in official release, syntax error prevented damage | Category: Tool Vulnerabilities | Source: BleepingComputer

Cursor IDE | HIGH | Jul 2025
MCPoison: MCP trust bypass allows persistent malicious command execution
Impact: CVSS 7.2, 100K+ Cursor devs affected | Category: Tool Vulnerabilities | Source: Check Point Research

Lovable | CRITICAL | May 2025
CVE-2025-48757: missing Row Level Security exposes 170+ apps
Impact: 170+ production apps exposed | Category: Data Exposures | Source: Autonoma AI

GitHub Copilot / Cursor | HIGH | Mar 2025
Rules File Backdoor: hidden Unicode instructions weaponize AI assistants
Impact: Any project using shared rule files at risk | Category: Supply Chain | Source: Pillar Security

Enrichlead | HIGH | Late 2025
Startup shuts down after AI puts all security logic on the client side
Impact: Complete startup shutdown | Category: Production Outages | Source: DEV Community

Base44 | HIGH | 2025
Broken access controls expose every app on the platform
Impact: Platform-wide exposure | Category: Data Exposures | Source: Accorian Security

Claude Code | HIGH | 2025
CVE-2025-55284: DNS exfiltration of secrets via prompt injection
Impact: CVSS 7.1, credential theft risk | Category: Tool Vulnerabilities | Source: Embrace The Red

Cursor IDE | HIGH | 2025
CVE-2025-59944: case-sensitivity bypass leads to RCE, CVSS 8.0
Impact: CVSS 8.0, RCE on Windows/macOS | Category: Tool Vulnerabilities | Source: Lakera

Cursor IDE | CRITICAL | 2025
CVE-2025-54135: remote code execution with no user interaction
Impact: RCE on developer machines | Category: Tool Vulnerabilities | Source: Autonoma AI

Hugging Face (PyPI) | HIGH | 2025
AI-hallucinated package name gets 30,000+ real downloads
Impact: 30,000+ downloads of fabricated package | Category: Supply Chain | Source: Lasso Security

Vite (Shadow Stack) | HIGH | 2025
CISA-flagged: AI preview workflows expose developer local files to network
Impact: Local file access via network, CISA KEV listed | Category: Tool Vulnerabilities | Source: CISA

Databricks Red Team | CRITICAL | 2025
Claude scaffolds multiplayer game with instant RCE via insecure pickle serialization
Impact: Network-wide RCE in functional game | Category: Tool Vulnerabilities | Source: Databricks

Why this matters

These failures share a common root cause: code was shipped by people who did not understand it. AI generated something that looked correct, passed a cursory check, and went to production. The result was exposed databases, lost orders, and vulnerabilities that required zero user interaction to exploit.

The pattern is accelerating. CVE entries attributed to AI-generated code jumped from 6 in January 2026 to 35+ in March. A Tenzai study found 69 vulnerabilities across 15 apps built by 5 major AI coding tools. Every single app lacked CSRF protection. Every tool introduced SSRF vulnerabilities.

The antidote is the same as it has always been: understand your code. Data structures, algorithms, system design, and the ability to reason about what software is actually doing. AI is a powerful tool when wielded by someone who understands the output. Without that understanding, it is a liability.

Why Vibe Coding Won't Replace Developers

1.7x more bugs, 2.74x more vulnerabilities, 19% slower. The full data-driven analysis with 14 sources.

Read the article

Frequently asked questions

What is vibe coding?
Vibe coding is a term coined by AI researcher Andrej Karpathy in early 2025. It refers to the practice of describing what you want in natural language, accepting whatever code an AI generates, and shipping it without review. The developer "gives in to the vibes" rather than understanding the code.
What are the biggest vibe coding failures?
The most significant documented failure is Amazon's March 2026 outage, where an AI-assisted code deployment caused a 6-hour shutdown of Amazon.com and an estimated 6.3 million lost orders. Other major incidents include Moltbook's exposure of 1.5 million authentication tokens, Orchids' zero-click hack demonstrated on BBC News, the Replit AI agent that wiped SaaStr's production database, and Claude Code running terraform destroy on 2.5 years of production data.
Is vibe coding safe for production?
The evidence suggests it is not. A December 2025 study by security firm Tenzai found 69 vulnerabilities across 15 apps built by 5 major AI coding tools. Every single app lacked CSRF protection, every tool introduced SSRF vulnerabilities, and zero apps set security headers. Escape.tech found 2,000+ vulnerabilities across 5,600 vibe-coded apps. Veracode's 2025 report found that 45% of AI-generated code introduced security flaws.
How many security vulnerabilities has AI-generated code caused?
The number is growing rapidly. In March 2026 alone, at least 35 new CVE entries were disclosed that were directly attributed to AI-generated code, up from 6 in January and 15 in February. The IDEsaster research found 30+ flaws across every major AI IDE, resulting in 24 CVEs. Escape.tech found 2,000+ vulnerabilities across 5,600 vibe-coded apps. Veracode reported that 45% of all AI-generated code contains at least one security flaw.
Which AI coding tools have had security vulnerabilities?
Every major AI coding tool has had documented security issues. Cursor has had multiple CVEs including remote code execution (CVE-2025-54135, CVE-2025-59944) and MCP trust bypass (CVE-2025-54136). GitHub Copilot had a wormable RCE (CVE-2025-53773). Amazon Q Developer had DNS exfiltration and supply chain injection issues. Claude Code had a DNS exfiltration vulnerability (CVE-2025-55284). The IDEsaster research found that 100% of tested AI IDEs were vulnerable.